Entra Monitor not Writing Diag Logs to Storage Account

rr-4098 1,806 Reputation points
2025-01-23T16:02:25.8866667+00:00

I enabled Diag logging for our VPN Gateway and selected a storage account. When I checked the storage account container, I see a folder for metrics but nothing for connection-related logs, which I selected in diag settings. Also, what is the best way to view diag logs in a storage account?

Azure Storage Accounts
Microsoft Entra

2 answers

  1. Keshavulu Dasari 3,095 Reputation points Microsoft Vendor
    2025-01-23T17:48:32.1333333+00:00

    Hi rr-4098,

    Greetings & Welcome to Microsoft Q&A forum! Thanks for posting your query!

    I understand the issue is with your VPN Gateway diagnostic logs not appearing in the storage account as expected. I suggest a few steps to troubleshoot and resolve this issue:

    Check that the diagnostic settings for your VPN Gateway are correctly configured. Ensure that the connection logs are enabled and that the correct storage account is selected. Make sure that the specific log categories you want (e.g., GatewayDiagnosticLog, TunnelDiagnosticLog) are enabled. Sometimes, only certain categories might be selected, which could explain why you're not seeing the expected logs.

    There might be a delay in the logs being generated and written to the storage account. Wait for a few minutes and check again. Ensure that the storage account has the necessary permissions to write logs. The diagnostic settings should have the appropriate access to the storage account. Utilize Azure Network Watcher to troubleshoot VPN gateways. This tool can help diagnose issues and provide detailed logs.

    For viewing diagnostic logs in a storage account:

    Azure Storage Explorer: This tool allows you to browse and manage your storage account, including viewing logs. You can download it here.

    Azure Monitor and Log Analytics: You can set up diagnostic settings to send logs to Azure Monitor and use Log Analytics to query and analyze the logs. This provides a more powerful and flexible way to work with your logs.

    Azure Portal: You can view logs directly in the Azure portal by navigating to your storage account and accessing the logs through the monitoring section.

    Programmatic Access: Use Azure SDKs or PowerShell to programmatically access and analyze the logs. This can be useful for automation and custom analysis.


    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.

    If you have any other questions or are still running into more issues, let me know in the "comments" and I would be happy to help you.

  2. Keshavulu Dasari 3,095 Reputation points Microsoft Vendor
    2025-01-23T20:43:10.3866667+00:00

    Hi rr-4098,

    Diagnostic logs are being created but not populated with the expected data. I suggest a few additional steps you can take to troubleshoot this issue. Ensure that the specific log categories you need (e.g., GatewayDiagnosticLog, TunnelDiagnosticLog) are enabled in the diagnostic settings.

    Verify Permissions: Double-check that the storage account has the necessary permissions to write logs. Sometimes, permission issues can prevent logs from being properly written.

    Latency in Log Generation: There might be a delay in the logs appearing in the storage account. It can take some time for the logs to be generated and transferred.

    Use Azure Log Analytics: Consider sending the logs to an Azure Log Analytics workspace instead of a storage account. This can provide more robust querying and analysis capabilities.

    Regarding Network Watcher, it does support VPN gateways for troubleshooting. You can use Network Watcher to diagnose and troubleshoot your VPN gateway and its connections.

    Here are the steps:

    1. Navigate to Network Watcher: In the Azure portal, go to Network Watcher.
    2. Select VPN Troubleshoot: Choose the VPN troubleshoot option.
    3. Select Your VPN Gateway: Select the VPN gateway you want to troubleshoot.
    4. Run Diagnostics: Follow the prompts to run diagnostics and view the results.


    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.

    If you have any other questions or are still running into more issues, let me know in the "comments" and I would be happy to help you.

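Added example (not part of either answer and not Microsoft tooling): a small offline check for the two points the answers raise, namely whether the selected log categories ever produced a container, and how to read a downloaded log blob programmatically. It assumes the Azure Monitor conventions of one `insights-logs-<category>` container per category and one JSON record per line with `category` and `operationName` fields; the container list, operation names and log lines are constructed sample data.

```python
import json

# Assumption (Azure Monitor convention, not stated on the page): each log category
# gets its own container named insights-logs-<category in lowercase>; metrics land
# in a separate insights-metrics-* container.
def missing_log_containers(container_names, selected_categories):
    """Return the selected categories that have no log container yet."""
    present = {name.lower() for name in container_names}
    return [c for c in selected_categories
            if f"insights-logs-{c.lower()}" not in present]

def parse_log_blob(text):
    """Parse a downloaded log blob, assumed to hold one JSON record per line.
    Returns (records, bad_line_numbers) so one damaged line does not hide the rest."""
    records, bad = [], []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            bad.append(n)
            continue
        if isinstance(rec, dict):
            records.append(rec)
        else:
            bad.append(n)
    return records, bad

def summarize(records):
    """Count records per (category, operationName) pair."""
    counts = {}
    for rec in records:
        key = (rec.get("category", "?"), rec.get("operationName", "?"))
        counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample: only a metrics container exists, as in the question.
SAMPLE_CONTAINERS = ["insights-metrics-pt1m"]
SELECTED = ["GatewayDiagnosticLog", "TunnelDiagnosticLog"]
SAMPLE_BLOB = "\n".join([  # constructed log lines; the last one is cut off
    '{"time": "2025-01-23T16:10:00Z", "category": "TunnelDiagnosticLog", "operationName": "TunnelConnected"}',
    '{"time": "2025-01-23T16:15:00Z", "category": "TunnelDiagnosticLog", "operationName": "TunnelDisconnected"}',
    '{"time": "2025-01-23T16:16:00Z", "category": "GatewayDiagnosticLog", "operationName": "SetGatewayConfiguration"}',
    '{"time": "2025-01-23T16:20:00Z", "categ',
])

if __name__ == "__main__":
    print("No container yet for:", missing_log_containers(SAMPLE_CONTAINERS, SELECTED))
    recs, bad = parse_log_blob(SAMPLE_BLOB)
    print(summarize(recs), "unparseable lines:", bad)
```

A category that stays in the "no container yet" list after traffic has occurred points back at the diagnostic setting rather than at the viewer used to browse the storage account.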
